From 8b5be0b56de4c00b29064360bde7f1bba17ca93d Mon Sep 17 00:00:00 2001
From: ntimo
Date: Wed, 2 Oct 2019 13:05:12 +0200
Subject: [PATCH] [Web] Return 401 status code when API authentication fails
---
 data/web/inc/sessions.inc.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index a94d438c..20232511 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -60,6 +60,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
 else {
 $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
 error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+ http_response_code(401);
 echo json_encode(array(
 'type' => 'error',
 'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
@@ -71,6 +72,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
 else {
 $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
 error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+ http_response_code(401);
 echo json_encode(array(
 'type' => 'error',
 'msg' => 'authentication failed'
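Review bot: The first hunk sends 401 on the branch whose message is `api access denied for ip`, which reads as a source-address rejection rather than a credential failure; if that is what the branch tests, `http_response_code(403);` is the accurate status there, keeping 401 for the `authentication failed` branch in the second hunk. A 401 is also expected to carry a `WWW-Authenticate` challenge (RFC 7235), and neither hunk sets one, so either add the header or document that API clients should key on the status code alone. Both `else` bodies continue past the hunks, so whether the script stops after the `echo` is not visible here; confirm it does, so that a rejected request cannot fall through into the session handling below with only its status changed. Worth a short comment above each call, e.g. `// must run before any output, otherwise the status stays 200`.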